c4-judge
commented
5 months ago Picodes changed the severity to QA (Quality Assurance)
Closed c4-bot-9 closed 5 months ago
c4-judge
commented
5 months ago Picodes changed the severity to QA (Quality Assurance)
c4-judge
commented
5 months ago Picodes marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/dao/DAOConfig.sol#L64-L198 https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/price_feed/PriceAggregator.sol#L65-L96
Vulnerability details
Impact
Detailed description of the impact of this finding.
Proof of Concept
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/dao/DAOConfig.sol#L64-L198
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/price_feed/PriceAggregator.sol#L65-L96
In the functions from line 64 to line 198 in DAOConfig.sol and lines 65 to 96 in PriceAggregator.sol, it is possible to adjust the parameters to below or above their in intended range.
As an example, in the changeBootstrappingRewards function [in DAOConfig.sol], it is possible to adjust the bootstrappingRewards to below 50,000 or to above 500,000.
Recommended Mitigation Steps
Consider using require() statements to make sure the functions finish execution only if the parameters are adjusted to a number within the specified range.
Alternatively, adjust the values in the if statements by the adjustment value [that is, decrease the comparison bound by the adjustment value in the if(increase){} block and increase the comparison bound by the adjustment value in the else{} block] and change the < to <= and > to >= as such:
Assessed type
Math